#!/bin/bash

# CVE Query Runner Script
# Runs all jq queries from the jq_queries directory against cve.json
# 
# This script demonstrates how to use parameterized jq queries by passing
# hard-coded demo values for testing and demonstration purposes.
# In production use, you would replace these demo values with actual parameters.

# Stop at the first unhandled command failure.
set -o errexit

# Input data file and directory of .jq query files, both resolved relative to
# the current working directory.
CVE_FILE='cve.json'
QUERIES_DIR='jq_queries'

# Hard-coded demo inputs for the parameterized queries; edit them to try other
# scenarios. The query helpers split their parameter string on whitespace, so
# keep these values free of spaces and glob characters.

# Primary CVE for demonstrations.
DEMO_CVE='CVE-2024-38095'
# .NET release version for testing.
DEMO_RELEASE='8.0'
# Specific version to check for vulnerabilities.
DEMO_VERSION='8.0.5'
# Non-existent CVE, used by the error-handling demos.
DEMO_TEST_CVE='CVE-2024-99999'
# Release that may not exist in the data.
DEMO_TEST_RELEASE='9.0'

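# Preflight checks: stop with a diagnostic on stderr when a prerequisite is
# missing, so the message is not lost when stdout is redirected or piped.

# Without this check a missing jq binary would make every query below print
# the generic failure line, which is easy to misread as "no findings".
if ! command -v jq >/dev/null 2>&1; then
    echo "Error: jq not found in PATH" >&2
    exit 1
fi

# The CVE data file must exist in the current working directory.
if [[ ! -f "$CVE_FILE" ]]; then
    echo "Error: $CVE_FILE not found in current directory" >&2
    exit 1
fi

# The directory holding the .jq query files must exist as well.
if [[ ! -d "$QUERIES_DIR" ]]; then
    echo "Error: $QUERIES_DIR directory not found" >&2
    exit 1
fi

echo "Running CVE queries against $CVE_FILE"
echo "========================================"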

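#######################################
# Run one jq query file against the CVE data and print a status line.
# Globals:   CVE_FILE (read)
# Arguments: $1 - path to the .jq query file
#            $2 - optional extra jq flags as one whitespace-separated string
# Outputs:   blank line, "--- name ---" header, raw (-r) jq output and a
#            status line on stdout; jq diagnostics on stderr
# Returns:   0 in all cases; a jq failure is reported, not propagated
#######################################
run_query() {
    local query_file="$1"
    local extra_flags="${2:-}"

    # Declared separately from the assignment so `local` cannot mask a
    # basename failure; fall back to the raw path for the header.
    local query_name
    query_name=$(basename -- "$query_file" .jq) || query_name=$query_file

    # Split the flag string on whitespace only. An unquoted expansion would
    # also glob-expand characters such as * against the working directory.
    # read returns non-zero at end of input with -d '', hence the || true.
    local -a flag_words=()
    IFS=$' \t\n' read -r -d '' -a flag_words <<<"$extra_flags" || true

    echo
    echo "--- $query_name ---"

    # jq's stderr is left attached: a syntax error in the query or malformed
    # CVE data must be distinguishable from a query that simply printed nothing.
    if jq -r "${flag_words[@]}" -f "$query_file" "$CVE_FILE"; then
        echo "✅ Query completed successfully"
    else
        echo "❌ Query failed or returned no results"
    fi
}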

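#######################################
# Run one parameterized jq query file against the CVE data and print a
# status line.
# Globals:   CVE_FILE (read)
# Arguments: $1 - path to the .jq query file
#            $2 - jq parameters as one whitespace-separated string, e.g.
#                 '--arg release "8.0"' (legacy form), OR
#            $2... - the jq parameters as separate words, e.g.
#                 --arg release "8.0 preview" (needed for values with spaces)
# Outputs:   blank line, "--- name ---" header, raw (-r) jq output and a
#            status line on stdout; jq diagnostics on stderr
# Returns:   0 in all cases; a jq failure is reported, not propagated
#######################################
run_param_query() {
    local query_file="$1"

    # Declared separately from the assignment so `local` cannot mask a
    # basename failure; fall back to the raw path for the header.
    local query_name
    query_name=$(basename -- "$query_file" .jq) || query_name=$query_file

    local -a jq_params=()
    if (( $# > 2 )); then
        # Parameters already arrive as separate words: pass them through as is.
        jq_params=("${@:2}")
    else
        # Legacy single-string form. Split on whitespace without globbing;
        # read returns non-zero at end of input with -d '', hence the || true.
        local -a words=()
        IFS=$' \t\n' read -r -d '' -a words <<<"${2:-}" || true

        # Quotes embedded in the string are not shell syntax after expansion:
        # '--arg release "8.0"' would hand jq the five-character value "8.0",
        # quotes included, and a lookup on it would silently match nothing.
        # Strip one surrounding pair from the VALUE of each `--arg NAME VALUE`.
        local i word
        for (( i = 0; i < ${#words[@]}; i++ )); do
            word=${words[i]}
            if (( i >= 2 )) && [[ ${words[i-2]} == --arg && $word == \"*\" ]]; then
                word=${word:1:${#word}-2}
            fi
            jq_params+=("$word")
        done
    fi

    echo
    echo "--- $query_name ---"

    # jq's stderr is left attached: a syntax error in the query or malformed
    # CVE data must be distinguishable from a query that simply printed nothing.
    if jq -r "${jq_params[@]}" -f "$query_file" "$CVE_FILE"; then
        echo "✅ Query completed successfully"
    else
        echo "❌ Query failed or returned no results"
    fi
}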

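# Query run, grouped by section.
#
# Parameter strings deliberately contain no embedded \" quotes. The helper
# word-splits the string, and quote characters inside a variable are ordinary
# data by then: '--arg release "8.0"' would give jq the value "8.0" with the
# quotes included, so release/CVE/version lookups would compare against the
# wrong string. The demo values contain no whitespace, so plain splitting is
# sufficient here.

# Run basic queries first
echo "=== BASIC LOOKUPS ==="
run_query "$QUERIES_DIR/get_all_cve_ids.jq"
run_query "$QUERIES_DIR/get_cves_by_severity.jq"
run_query "$QUERIES_DIR/get_cve_details.jq"

echo
echo "=== INDEX-BASED QUERIES ==="
# Demo: Looking up CVEs for .NET release
run_param_query "$QUERIES_DIR/cves_by_release.jq" "--arg release $DEMO_RELEASE"
# Demo: Looking up releases affected by primary demo CVE
run_param_query "$QUERIES_DIR/releases_by_cve.jq" "--arg cve $DEMO_CVE"
run_query "$QUERIES_DIR/cves_by_product.jq"

echo
echo "=== COMPONENT ANALYSIS ==="
run_query "$QUERIES_DIR/get_all_affected_products.jq"
run_query "$QUERIES_DIR/get_fixed_versions_products.jq"
run_query "$QUERIES_DIR/get_fixed_versions_packages.jq"

echo
echo "=== COMMIT ANALYSIS ==="
# Demo: Get commit URLs for primary demo CVE
run_param_query "$QUERIES_DIR/get_commits_for_cve.jq" "--arg cve $DEMO_CVE"
# Demo: Get commit URLs for demo release CVEs
run_param_query "$QUERIES_DIR/get_commits_for_release.jq" "--arg release $DEMO_RELEASE"
run_query "$QUERIES_DIR/repository_commit_summary.jq"

echo
echo "=== RISK ASSESSMENT ==="
run_query "$QUERIES_DIR/cves_with_release_impact.jq"
run_query "$QUERIES_DIR/components_with_multiple_vulnerabilities.jq"
run_query "$QUERIES_DIR/cross_component_impact_analysis.jq"

echo
echo "=== TEMPORAL ANALYSIS ==="
run_query "$QUERIES_DIR/age_of_vulnerabilities.jq"

echo
echo "=== VERSION VULNERABILITY ASSESSMENT ==="
# Demo: Check if demo version is vulnerable
run_param_query "$QUERIES_DIR/check_version_vulnerable.jq" "--arg release $DEMO_RELEASE --arg version $DEMO_VERSION"
# Demo: Check release-specific packages for vulnerabilities
run_param_query "$QUERIES_DIR/check_release_packages_vulnerable.jq" "--arg release $DEMO_RELEASE"
# Demo: Check product vulnerabilities for specific version
run_param_query "$QUERIES_DIR/check_product_version_vulnerable.jq" "--arg version $DEMO_VERSION"

echo
echo "=== PLATFORM-SPECIFIC ANALYSIS ==="
run_query "$QUERIES_DIR/cves_by_platform.jq"

echo
echo "=== ADVANCED QUERIES ==="
run_query "$QUERIES_DIR/packages_requiring_immediate_attention.jq"
run_query "$QUERIES_DIR/patch_deployment_summary.jq"
run_query "$QUERIES_DIR/release_independent_packages.jq"

echo
echo "=== EMERGENCY RESPONSE QUERIES ==="
run_query "$QUERIES_DIR/immediate_risk_assessment.jq"
run_query "$QUERIES_DIR/most_vulnerable_component.jq"

echo
echo "=== REPORTING AND DISPLAY ==="
run_query "$QUERIES_DIR/cve_report_with_display_names.jq"
run_query "$QUERIES_DIR/product_report_with_names.jq"
run_query "$QUERIES_DIR/security_advisory_full_taxonomy.jq"

echo
echo "=== ERROR HANDLING & VALIDATION ==="
# Demo: Test error handling with non-existent CVE
run_param_query "$QUERIES_DIR/defensive_cve_lookup.jq" "--arg cve $DEMO_TEST_CVE"
# Demo: Check release that may not exist in data
run_param_query "$QUERIES_DIR/safe_version_queries.jq" "--arg release $DEMO_TEST_RELEASE"
run_query "$QUERIES_DIR/validate_severity_mappings.jq"
run_query "$QUERIES_DIR/validate_product_mappings.jq"
run_query "$QUERIES_DIR/validate_platform_mappings.jq"


# NOTE: the helpers report a jq failure per query but return 0, so this line
# and the script's exit status do not reflect failed queries. Check the
# per-query status lines before relying on a run, e.g. in CI.
echo
echo "========================================"
echo "All queries completed!"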

# Closing summary: number of *.jq entries found under the queries directory
# (recursive). This counts what is on disk, not what was executed above.
total_queries=$(find "$QUERIES_DIR" -name '*.jq' | wc -l)
printf 'Total queries available: %s\n' "$total_queries"